PESCAN.IO - Analysis Report Basic

Information
Size: 4,62 MB
SHA-256 Hash: 0BD1D24E8009C65086ECC928E526D5668703E51A09AA0C642A9EA80F6A92FDBA
SHA-1 Hash: 2AF4E3D29D34D4446C8EB2A9E0E6B38F9EF5C7F9
MD5 Hash: A11A617D9C31C8964DB95B8A62342402
Imphash: 44E6B8432EA5D277B652AD1D4B806259
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 0046D767
EntryPoint (rva): 24EEAC
SizeOfHeaders: 400
SizeOfImage: 4A7000
ImageBase: 0000000140000000
Architecture: x64
ExportTable: 3F63B0
ImportTable: 3F6430
IAT: 26D000
Characteristics: 22
TimeDateStamp: 4CF47E78
Date: 30/11/2010 4:32:56
File Type: EXE
Number Of Sections: 9
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .detourc, .detourd, .rsrc, .reloc, .npc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.text | E0000020 (Code, Executable, Readable, Writeable) | 400 | 26C000 | 1000 | 26BE07 | 6,2846 | 21254332,39
.rdata | 40000040 (Initialized Data, Readable) | 26C400 | 1B1C00 | 26D000 | 1B1B38 | 6,7119 | 13727905,84
.data | C0000040 (Initialized Data, Readable, Writeable) | 41E000 | FA00 | 41F000 | 114D0 | 4,3707 | 2651106,01
.pdata | 40000040 (Initialized Data, Readable) | 42DA00 | 13800 | 431000 | 13680 | 6,0494 | 1538557,25
.detourc | 40000040 (Initialized Data, Readable) | 441200 | 2200 | 445000 | 21C0 | 2,9949 | 683820,59
.detourd | C0000040 (Initialized Data, Readable, Writeable) | 443400 | 200 | 448000 | 18 | 0,1161 | 126528,00
.rsrc | 40000040 (Initialized Data, Readable) | 443600 | 17600 | 449000 | 175F0 | 6,8840 | 912756,82
.reloc | 42000040 (Initialized Data, GP-Relative, Readable) | 45AC00 | 6800 | 461000 | 6750 | 5,4531 | 144488,65
.npc | 0 (None) | 461400 | 3E400 | 468000 | 3E33A | 7,9991 | 307,98
Description
OriginalFilename: obs
CompanyName: OBS
LegalCopyright: (C) Lain Bailey
ProductName: OBS Studio
FileVersion: 30.0.2
FileDescription: OBS Studio
ProductVersion: 30.0.2
Comments: Free and open source software for video recording and live streaming
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - 24E2AC
Code -> 4883EC28E8AF0200004883C428E97AFEFFFFCCCC4883611000488D05CC16160048894108488D05E9490200488901488BC1C3
SUB RSP, 0X28
CALL 0X12B8
ADD RSP, 0X28
JMP 0XE8C
INT3
INT3
AND QWORD PTR [RCX + 0X10], 0
LEA RAX, [RIP + 0X1616CC]
MOV QWORD PTR [RCX + 8], RAX
LEA RAX, [RIP + 0X249E9]
MOV QWORD PTR [RCX], RAX
MOV RAX, RCX
RET

Signatures
CheckSum Integrity Problem:
Header: 4642663
Calculated: 4882268
Certificate - Digital Signature:
• The file is not signed

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): library: Qt(x.xx)[static linked]
PE+(64): linker: Microsoft Linker(14.35**)[-]
Entropy: 6.83652

Suspicious Functions
Library | Function | Description
KERNEL32.DLL | CreateMutexW | Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process.
KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger.
SHELL32.DLL | ShellExecuteExW | Performs a run operation on a specific file.
File Access

File Access (UNICODE)

Words of Interest
ToolBar
Encrypt
Encryption
PassWord
<html
<head
<body
<img
<table
<meta
<title
setInterval
exec
window.location
unescape
netsh
attrib
start
pause
hostname
wmic
shutdown
ping
expand
replace
route

Words of Interest (UNICODE)
<html
<head
<title
start
pause
expand

Anti-VM/Sandbox/Debug Tricks (UNICODE)
OllyDbg Library - dbghelp.dll

URLs

URLs (UNICODE)

IP Addresses
127.0.0.1

Known IP/Domains
facebook.com

Strings/Hex Code Found With The File Rules
Rule Type | Encoding | Matched (Word)
Text | Ascii | Unicode escape - \u00 - (Common Unicode escape sequences)
Text | Ascii | WinAPI Sockets (bind)
Text | Ascii | WinAPI Sockets (listen)
Text | Ascii | WinAPI Sockets (accept)
Text | Ascii | WinAPI Sockets (connect)
Text | Unicode | WinAPI Sockets (connect)
Text | Ascii | WinAPI Sockets (send)
Text | Unicode | WinAPI Sockets (send)
Text | Ascii | File (CreateFile)
Text | Ascii | File (WriteFile)
Text | Ascii | File (ReadFile)
Text | Ascii | Anti-Analysis VM (IsDebuggerPresent)
Text | Ascii | Stealth (GetThreadContext)
Text | Ascii | Stealth (SetThreadContext)
Text | Ascii | Stealth (CloseHandle)
Text | Ascii | Stealth (VirtualAlloc)
Text | Ascii | Stealth (VirtualProtect)
Text | Ascii | Stealth (NtUnmapViewOfSection)
Text | Ascii | Execution (ShellExecute)
Text | Ascii | Execution (ResumeThread)
Text | Ascii | Execution (CreateEventW)
Text | Unicode | Privileges (SeDebugPrivilege)
Text | Unicode | Privileges (SeIncreaseBasePriorityPrivilege)
Text | Ascii | Keyboard Key (Scroll)
Text | Ascii | Keyboard Key (PageDown)
Text | Ascii | Keyboard Key (PageUp)
Text | Ascii | Keyboard Key (CapsLock)
Text | Ascii | Keyboard Key (Backspace)
Text | Ascii | Keyboard Key (Ctrl+C)
Text | Ascii | Keyboard Key (Ctrl+D)
Text | Ascii | Keyboard Key (Ctrl+S)
Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL)
Entry Point | Hex Pattern | PE-Exe Executable Image
Resources
Path DataRVA Size FileOffset Code Text
\ICON\1\1033 449390 2E8 443990 2800000020000000400000000100040000000000800200000000000000000000100000000000000000000000000080000080(... ...@.........................................
\ICON\2\1033 449678 128 443C78 2800000010000000200000000100040000000000C00000000000000000000000100000000000000000000000000080000080(....... .........................................
\ICON\3\1033 4497A0 EA8 443DA0 2800000030000000600000000100080000000000800A000000000000000000000001000000000000000000000B070B000C08(...0............................................
\ICON\4\1033 44A648 8A8 444C48 28000000200000004000000001000800000000008004000000000000000000000001000000000000000000000D0A0D000F0C(... ...@.........................................
\ICON\5\1033 44AEF0 568 4454F0 2800000010000000200000000100080000000000400100000000000000000000000100000000000000000000110D10001411(....... ...........@.............................
\ICON\6\1033 44B458 A3E9 445A58 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A8660000A3B04944415478DAEC5D0760144517.PNG........IHDR.............\r.f....IDATx..]..E.
\ICON\7\1033 455848 4228 44FE48 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000(...@......... ......B............................
\ICON\8\1033 459A70 25A8 454070 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000(...0........ ......%............................
\ICON\9\1033 45C018 1A68 456618 2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000(...(...P..... .....@.............................
\ICON\10\1033 45DA80 10A8 458080 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000(... ...@..... ...................................
\ICON\11\1033 45EB28 988 459128 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000(.......0..... ..................................
\ICON\12\1033 45F4B0 6B8 459AB0 2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000000000000000(.......(..... ...................................
\ICON\13\1033 45FB68 468 45A168 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000(....... ..... .....@.............................
\GROUP_ICON\IDI_ICON1\1033 45FFD0 BC 45A5D0 000001000D002020100001000400E8020000010010101000010004002801000002003030000001000800A80E000003002020...... ....................(.....00............
\VERSION\1\1033 460090 320 45A690 200334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\1033 4603B0 23F 45A9B0 EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65...<?xml version="1.0" encoding="UTF-8" standalone
Intelligent String
• <svg xmlns="http://www.w3.org/2000/svg" height="16px" viewBox="0 0 16 16" width="16px"><path d="m 3.5 5 c -0.277344 0 -0.5 0.222656 -0.5 0.5 v 2.96875 c 0 1.96875 1.257812 3.625 3 4.25 v 1.28125 h -2 c -0.5625 0 -1 0.488281 -1 1 v 1 h 9 v -1 c 0 -0.585938 -0.476562 -1 -1 -1 h -2 v -1.28125 c 1.742188 -0.625 3 -2.28125 3 -4.25 v -2.96875 c 0 -0.277344 -0.222656 -0.5 -0.5 -0.5 s -0.5 0.222656 -0.5 0.5 c 0 0.070312 0.007812 0.128906 0.03125 0.1875 v 2.78125 c 0 1.964844 -1.578125 3.53125 -3.53125 3.53125 s -3.5 -1.566406 -3.5 -3.53125 v -2.96875 c 0 -0.277344 -0.222656 -0.5 -0.5 -0.5 z m 4 -4.011719 c 1.386719 0 2.5 1.113281 2.5 2.5 v 5.011719 c 0 1.386719 -1.113281 2.5 -2.5 2.5 s -2.5 -1.113281 -2.5 -2.5 v -5.011719 c 0 -1.386719 1.113281 -2.5 2.5 -2.5 z m 0 0" fill="000000"</svg>
• <svg xmlns="http://www.w3.org/2000/svg" height="16px" viewBox="0 0 16 16" width="16px"><g fill="000000"><path d="m 5.972656 5.023438 c -0.550781 0 -1 0.449218 -1 1 c 0 0.554687 0.449219 1 1 1 c 0.550782 0 1 -0.445313 1 -1 c 0 -0.550782 -0.449218 -1 -1 -1 z m 3.5 3 l -2 2 l -1.5 -1 l -2 2 v 0.5 c 0 0.5 0.5 0.5 0.5 0.5 h 7 s 0.472656 -0.03125 0.5 -0.5 v -1 z m 0 0"<path d="m 3.972656 1.023438 c -1.644531 0 -3 1.355468 -3 3 v 8 c 0 1.648437 1.355469 3 3 3 h 8 c 1.644532 0 3 -1.351563 3 -3 v -8 c 0 -1.644532 -1.355468 -3 -3 -3 z m 0 2 h 8 c 0.570313 0 1 0.429687 1 1 v 8 c 0 0.574218 -0.429687 1 -1 1 h -8 c -0.570312 0 -1 -0.425782 -1 -1 v -8 c 0 -0.570313 0.429688 -1 1 -1 z m 0 0"</g></svg>
• <svg xmlns="http://www.w3.org/2000/svg" height="16px" viewBox="0 0 16 16" width="16px"><path d="m 6.71875 2 c -0.191406 0.007812 -0.371094 0.035156 -0.5625 0.0625 c -1.523438 0.21875 -2.976562 1.023438 -3.96875 2.34375 c -1.980469 2.640625 -1.421875 6.425781 1.21875 8.40625 s 6.425781 1.421875 8.40625 -1.21875 c 0.121094 -0.171875 0.1875 -0.382812 0.1875 -0.59375 v -1 h -1 c -0.3125 0 -0.625 0.152344 -0.8125 0.40625 c -1.332031 1.777344 -3.816406 2.113281 -5.59375 0.78125 s -2.113281 -3.816406 -0.78125 -5.59375 s 3.816406 -2.113281 5.59375 -0.78125 c 0.429688 0.320312 0.769531 0.734375 1.03125 1.1875 h -1.4375 c -0.550781 0 -1 0.449219 -1 1 v 1 h 6 v -6 h -1 c -0.550781 0 -1 0.449219 -1 1 v 1.6875 c -0.382812 -0.578125 -0.847656 -1.082031 -1.40625 -1.5 c -1.15625 -0.867188 -2.53125 -1.253906 -3.875 -1.1875 z m 0 0" fill="000000"</svg>
• hotkeys.svg
• audio.svg
• (fOpenSans-Bold.ttf
• down.svg
• streaming-active.svg
• 'right.svg
• &'paused_mac.png
• expand.svg
• T'plus.svg
• default.svg
• $Gmedia_restart.svg
• OAuthLoginurlChanged
• OAuthLogin
• dbghelp.dll
• MSCOREE.DLL
• kernel32.dll
• api-ms-win-core-synch-l1-2-0.dll
• obs64.pdb
• .tls
• .bss
• $obs_frontend_get_scenesobs-frontend-api.dll
• 4profile_snapshot_create5profile_snapshot_free>profiler_snapshot_dump_csv_gzkstrref_cmp
• Qt6Network.dll
• KERNEL32.dll
• VCRUNTIME140_1.dll
• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-environment-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• api-ms-win-crt-filesystem-l1-1-0.dll

Flow Anomalies
Offset RVA Section Description
400 N/A .text JMP QWORD PTR [RIP+0x270F72]
408 N/A .text JMP QWORD PTR [RIP+0x270F7A]
410 N/A .text JMP QWORD PTR [RIP+0x270F5A]
418 N/A .text JMP QWORD PTR [RIP+0x270F62]
420 N/A .text JMP QWORD PTR [RIP+0x270F82]
428 N/A .text JMP QWORD PTR [RIP+0x270F72]
430 N/A .text JMP QWORD PTR [RIP+0x270F62]
438 N/A .text JMP QWORD PTR [RIP+0x270F72]
440 N/A .text JMP QWORD PTR [RIP+0x270FD2]
448 N/A .text JMP QWORD PTR [RIP+0x270FC2]
450 N/A .text JMP QWORD PTR [RIP+0x270FD2]
458 N/A .text JMP QWORD PTR [RIP+0x270FC2]
460 N/A .text JMP QWORD PTR [RIP+0x270FD2]
468 N/A .text JMP QWORD PTR [RIP+0x270FC2]
886 N/A .text CALL QWORD PTR [RIP+0x2709AC]
982 N/A .text CALL QWORD PTR [RIP+0x26CE20]
9B2 N/A .text CALL QWORD PTR [RIP+0x26CDF0]
9E2 N/A .text CALL QWORD PTR [RIP+0x26CDC0]
A22 N/A .text CALL QWORD PTR [RIP+0x26CD80]
A6E N/A .text CALL QWORD PTR [RIP+0x26C5BC]
A9E N/A .text CALL QWORD PTR [RIP+0x26CA0C]
1C6E N/A .text CALL QWORD PTR [RIP+0x26F5C4]
1CF0 N/A .text CALL QWORD PTR [RIP+0x26F542]
1D74 N/A .text CALL QWORD PTR [RIP+0x26F4BE]
1F84 N/A .text JMP QWORD PTR [RIP+0x26B84E]
1F97 N/A .text JMP QWORD PTR [RIP+0x26B843]
1FA4 N/A .text JMP QWORD PTR [RIP+0x26B83E]
1FB7 N/A .text JMP QWORD PTR [RIP+0x26B813]
1FEE N/A .text CALL QWORD PTR [RIP+0x26F244]
217E N/A .text CALL QWORD PTR [RIP+0x26F0B4]
224E N/A .text CALL QWORD PTR [RIP+0x26B4CC]
232E N/A .text CALL QWORD PTR [RIP+0x26B3EC]
2469 N/A .text CALL QWORD PTR [RIP+0x26E831]
24E1 N/A .text CALL QWORD PTR [RIP+0x26B261]
2717 N/A .text CALL QWORD PTR [RIP+0x26B093]
2767 N/A .text CALL QWORD PTR [RIP+0x26E67B]
2788 N/A .text CALL QWORD PTR [RIP+0x26AF82]
27E3 N/A .text CALL QWORD PTR [RIP+0x26E5FF]
280B N/A .text CALL QWORD PTR [RIP+0x26AEFF]
286D N/A .text CALL QWORD PTR [RIP+0x26E50D]
288E N/A .text CALL QWORD PTR [RIP+0x26AE7C]
28F2 N/A .text CALL QWORD PTR [RIP+0x26E488]
291A N/A .text CALL QWORD PTR [RIP+0x26ADF0]
297E N/A .text CALL QWORD PTR [RIP+0x26E3FC]
29A6 N/A .text CALL QWORD PTR [RIP+0x26AD64]
2A01 N/A .text CALL QWORD PTR [RIP+0x26E379]
2A29 N/A .text CALL QWORD PTR [RIP+0x26ACE1]
2A84 N/A .text CALL QWORD PTR [RIP+0x26E2F6]
2AAC N/A .text CALL QWORD PTR [RIP+0x26AC5E]
2B04 N/A .text CALL QWORD PTR [RIP+0x26E116]
2B2C N/A .text CALL QWORD PTR [RIP+0x26ABDE]
2B84 N/A .text CALL QWORD PTR [RIP+0x26E18E]
2BAC N/A .text CALL QWORD PTR [RIP+0x26AB5E]
2C09 N/A .text CALL QWORD PTR [RIP+0x26E141]
2C2A N/A .text CALL QWORD PTR [RIP+0x26AAE0]
2C8C N/A .text CALL QWORD PTR [RIP+0x26DF9E]
2CAD N/A .text CALL QWORD PTR [RIP+0x26AA5D]
2D20 N/A .text CALL QWORD PTR [RIP+0x26A9EA]
2D81 N/A .text CALL QWORD PTR [RIP+0x26DEF9]
2DCC N/A .text CALL QWORD PTR [RIP+0x26DF7E]
2DF4 N/A .text CALL QWORD PTR [RIP+0x26A916]
2E55 N/A .text CALL QWORD PTR [RIP+0x26DDD5]
2E7D N/A .text CALL QWORD PTR [RIP+0x26A88D]
2EDE N/A .text CALL QWORD PTR [RIP+0x26DD4C]
2F06 N/A .text CALL QWORD PTR [RIP+0x26A804]
2F67 N/A .text CALL QWORD PTR [RIP+0x26DCC3]
2F8F N/A .text CALL QWORD PTR [RIP+0x26A77B]
2FF0 N/A .text CALL QWORD PTR [RIP+0x26DC3A]
3018 N/A .text CALL QWORD PTR [RIP+0x26A6F2]
3079 N/A .text CALL QWORD PTR [RIP+0x26DBB1]
30A1 N/A .text CALL QWORD PTR [RIP+0x26A669]
3102 N/A .text CALL QWORD PTR [RIP+0x26DB28]
312A N/A .text CALL QWORD PTR [RIP+0x26A5E0]
3308 N/A .text CALL QWORD PTR [RIP+0x26DAEA]
3329 N/A .text CALL QWORD PTR [RIP+0x26DAF9]
3353 N/A .text CALL QWORD PTR [RIP+0x26DA2F]
3373 N/A .text CALL QWORD PTR [RIP+0x26DA7F]
3394 N/A .text CALL QWORD PTR [RIP+0x26DA8E]
33BE N/A .text CALL QWORD PTR [RIP+0x26D9C4]
33EA N/A .text CALL QWORD PTR [RIP+0x26D9D8]
3422 N/A .text CALL QWORD PTR [RIP+0x26A380]
3430 N/A .text CALL QWORD PTR [RIP+0x26D932]
343B N/A .text CALL QWORD PTR [RIP+0x26A397]
3473 N/A .text CALL QWORD PTR [RIP+0x26A32F]
3481 N/A .text CALL QWORD PTR [RIP+0x26D8E1]
348C N/A .text CALL QWORD PTR [RIP+0x26A346]
3492 N/A .text CALL QWORD PTR [RIP+0x26A228]
34CD N/A .text CALL QWORD PTR [RIP+0x26A245]
34EC N/A .text CALL QWORD PTR [RIP+0x26AA9E]
351B N/A .text CALL QWORD PTR [RIP+0x26D83F]
354A N/A .text CALL QWORD PTR [RIP+0x26D880]
357F N/A .text CALL QWORD PTR [RIP+0x26A223]
3590 N/A .text CALL QWORD PTR [RIP+0x26D82A]
359E N/A .text CALL QWORD PTR [RIP+0x26A234]
35AF N/A .text CALL QWORD PTR [RIP+0x26A22B]
35E6 N/A .text CALL QWORD PTR [RIP+0x26D784]
365D N/A .text CALL QWORD PTR [RIP+0x26D705]
3673 N/A .text CALL QWORD PTR [RIP+0x26A15F]
3686 N/A .text CALL QWORD PTR [RIP+0x26A14C]
369F N/A .text CALL QWORD PTR [RIP+0x26A103]
2DD889-2DD938 N/A .rdata Potential obfuscated jump sequence detected, count: 88
3117D9-311830 N/A .rdata Potential obfuscated jump sequence detected, count: 44
42DA00 1070 .pdata ExceptionHook | Pointer to 1070 - 0x470 .text + UnwindInfo: .rdata
42DA0C 1260 .pdata ExceptionHook | Pointer to 1260 - 0x660 .text + UnwindInfo: .rdata
42DA18 12B0 .pdata ExceptionHook | Pointer to 12B0 - 0x6B0 .text + UnwindInfo: .rdata
42DA24 12F0 .pdata ExceptionHook | Pointer to 12F0 - 0x6F0 .text + UnwindInfo: .rdata
42DA30 1340 .pdata ExceptionHook | Pointer to 1340 - 0x740 .text + UnwindInfo: .rdata
42DA3C 1570 .pdata ExceptionHook | Pointer to 1570 - 0x970 .text + UnwindInfo: .rdata
42DA48 15A0 .pdata ExceptionHook | Pointer to 15A0 - 0x9A0 .text + UnwindInfo: .rdata
42DA54 15D0 .pdata ExceptionHook | Pointer to 15D0 - 0x9D0 .text + UnwindInfo: .rdata
42DA60 1610 .pdata ExceptionHook | Pointer to 1610 - 0xA10 .text + UnwindInfo: .rdata
42DA6C 1640 .pdata ExceptionHook | Pointer to 1640 - 0xA40 .text + UnwindInfo: .rdata
42DA78 16D0 .pdata ExceptionHook | Pointer to 16D0 - 0xAD0 .text + UnwindInfo: .rdata
42DA84 1940 .pdata ExceptionHook | Pointer to 1940 - 0xD40 .text + UnwindInfo: .rdata
42DA90 2B50 .pdata ExceptionHook | Pointer to 2B50 - 0x1F50 .text + UnwindInfo: .rdata
42DA9C 2BC0 .pdata ExceptionHook | Pointer to 2BC0 - 0x1FC0 .text + UnwindInfo: .rdata
42DAA8 2C10 .pdata ExceptionHook | Pointer to 2C10 - 0x2010 .text + UnwindInfo: .rdata
42DAB4 2C63 .pdata ExceptionHook | Pointer to 2C63 - 0x2063 .text + UnwindInfo: .rdata
42DAC0 2CE0 .pdata ExceptionHook | Pointer to 2CE0 - 0x20E0 .text + UnwindInfo: .rdata
42DACC 2D00 .pdata ExceptionHook | Pointer to 2D00 - 0x2100 .text + UnwindInfo: .rdata
42DAD8 2D0F .pdata ExceptionHook | Pointer to 2D0F - 0x210F .text + UnwindInfo: .rdata
42DAE4 2D7D .pdata ExceptionHook | Pointer to 2D7D - 0x217D .text + UnwindInfo: .rdata
42DAF0 2D7E .pdata ExceptionHook | Pointer to 2D7E - 0x217E .text + UnwindInfo: .rdata
42DAFC 2DA0 .pdata ExceptionHook | Pointer to 2DA0 - 0x21A0 .text + UnwindInfo: .rdata
42DB08 2E80 .pdata ExceptionHook | Pointer to 2E80 - 0x2280 .text + UnwindInfo: .rdata
42DB14 2F60 .pdata ExceptionHook | Pointer to 2F60 - 0x2360 .text + UnwindInfo: .rdata
42DB20 3060 .pdata ExceptionHook | Pointer to 3060 - 0x2460 .text + UnwindInfo: .rdata
42DB2C 3090 .pdata ExceptionHook | Pointer to 3090 - 0x2490 .text + UnwindInfo: .rdata
42DB38 5A10 .pdata ExceptionHook | Pointer to 5A10 - 0x4E10 .text + UnwindInfo: .rdata
42DB44 5A50 .pdata ExceptionHook | Pointer to 5A50 - 0x4E50 .text + UnwindInfo: .rdata
42DB50 5AC0 .pdata ExceptionHook | Pointer to 5AC0 - 0x4EC0 .text + UnwindInfo: .rdata
42DB5C 5B10 .pdata ExceptionHook | Pointer to 5B10 - 0x4F10 .text + UnwindInfo: .rdata
42DB68 5B70 .pdata ExceptionHook | Pointer to 5B70 - 0x4F70 .text + UnwindInfo: .rdata
42DB74 5BD0 .pdata ExceptionHook | Pointer to 5BD0 - 0x4FD0 .text + UnwindInfo: .rdata
42DB80 5C00 .pdata ExceptionHook | Pointer to 5C00 - 0x5000 .text + UnwindInfo: .rdata
42DB8C 6340 .pdata ExceptionHook | Pointer to 6340 - 0x5740 .text + UnwindInfo: .rdata
42DB98 63A0 .pdata ExceptionHook | Pointer to 63A0 - 0x57A0 .text + UnwindInfo: .rdata
42DBA4 6410 .pdata ExceptionHook | Pointer to 6410 - 0x5810 .text + UnwindInfo: .rdata
42DBB0 6450 .pdata ExceptionHook | Pointer to 6450 - 0x5850 .text + UnwindInfo: .rdata
42DBBC 6510 .pdata ExceptionHook | Pointer to 6510 - 0x5910 .text + UnwindInfo: .rdata
42DBC8 6640 .pdata ExceptionHook | Pointer to 6640 - 0x5A40 .text + UnwindInfo: .rdata
42DBD4 6680 .pdata ExceptionHook | Pointer to 6680 - 0x5A80 .text + UnwindInfo: .rdata
42DBE0 66C0 .pdata ExceptionHook | Pointer to 66C0 - 0x5AC0 .text + UnwindInfo: .rdata
42DBEC 6700 .pdata ExceptionHook | Pointer to 6700 - 0x5B00 .text + UnwindInfo: .rdata
42DBF8 6740 .pdata ExceptionHook | Pointer to 6740 - 0x5B40 .text + UnwindInfo: .rdata
42DC04 6780 .pdata ExceptionHook | Pointer to 6780 - 0x5B80 .text + UnwindInfo: .rdata
42DC10 67C0 .pdata ExceptionHook | Pointer to 67C0 - 0x5BC0 .text + UnwindInfo: .rdata
42DC1C 6800 .pdata ExceptionHook | Pointer to 6800 - 0x5C00 .text + UnwindInfo: .rdata
42DC28 6840 .pdata ExceptionHook | Pointer to 6840 - 0x5C40 .text + UnwindInfo: .rdata
42DC34 6880 .pdata ExceptionHook | Pointer to 6880 - 0x5C80 .text + UnwindInfo: .rdata
42DC40 68C0 .pdata ExceptionHook | Pointer to 68C0 - 0x5CC0 .text + UnwindInfo: .rdata
42DC4C 6910 .pdata ExceptionHook | Pointer to 6910 - 0x5D10 .text + UnwindInfo: .rdata
42DC58 6980 .pdata ExceptionHook | Pointer to 6980 - 0x5D80 .text + UnwindInfo: .rdata
42DC64 6A20 .pdata ExceptionHook | Pointer to 6A20 - 0x5E20 .text + UnwindInfo: .rdata
42DC70 6B20 .pdata ExceptionHook | Pointer to 6B20 - 0x5F20 .text + UnwindInfo: .rdata
42DC7C 6BC0 .pdata ExceptionHook | Pointer to 6BC0 - 0x5FC0 .text + UnwindInfo: .rdata
42DC88 6CB0 .pdata ExceptionHook | Pointer to 6CB0 - 0x60B0 .text + UnwindInfo: .rdata
42DC94 6DA0 .pdata ExceptionHook | Pointer to 6DA0 - 0x61A0 .text + UnwindInfo: .rdata
42DCA0 6E90 .pdata ExceptionHook | Pointer to 6E90 - 0x6290 .text + UnwindInfo: .rdata
42DCAC 6FA0 .pdata ExceptionHook | Pointer to 6FA0 - 0x63A0 .text + UnwindInfo: .rdata
42DCB8 7090 .pdata ExceptionHook | Pointer to 7090 - 0x6490 .text + UnwindInfo: .rdata
42DCC4 7190 .pdata ExceptionHook | Pointer to 7190 - 0x6590 .text + UnwindInfo: .rdata
42DCD0 7230 .pdata ExceptionHook | Pointer to 7230 - 0x6630 .text + UnwindInfo: .rdata
42DCDC 7280 .pdata ExceptionHook | Pointer to 7280 - 0x6680 .text + UnwindInfo: .rdata
42DCE8 7300 .pdata ExceptionHook | Pointer to 7300 - 0x6700 .text + UnwindInfo: .rdata
42DCF4 7370 .pdata ExceptionHook | Pointer to 7370 - 0x6770 .text + UnwindInfo: .rdata
42DD00 7440 .pdata ExceptionHook | Pointer to 7440 - 0x6840 .text + UnwindInfo: .rdata
42DD0C 76F0 .pdata ExceptionHook | Pointer to 76F0 - 0x6AF0 .text + UnwindInfo: .rdata
42DD18 7910 .pdata ExceptionHook | Pointer to 7910 - 0x6D10 .text + UnwindInfo: .rdata
42DD24 79D0 .pdata ExceptionHook | Pointer to 79D0 - 0x6DD0 .text + UnwindInfo: .rdata
42DD30 7A40 .pdata ExceptionHook | Pointer to 7A40 - 0x6E40 .text + UnwindInfo: .rdata
42DD3C 7C50 .pdata ExceptionHook | Pointer to 7C50 - 0x7050 .text + UnwindInfo: .rdata
42DD48 7D80 .pdata ExceptionHook | Pointer to 7D80 - 0x7180 .text + UnwindInfo: .rdata
42DD54 7E50 .pdata ExceptionHook | Pointer to 7E50 - 0x7250 .text + UnwindInfo: .rdata
42DD60 80E0 .pdata ExceptionHook | Pointer to 80E0 - 0x74E0 .text + UnwindInfo: .rdata
42DD6C 8130 .pdata ExceptionHook | Pointer to 8130 - 0x7530 .text + UnwindInfo: .rdata
42DD78 8190 .pdata ExceptionHook | Pointer to 8190 - 0x7590 .text + UnwindInfo: .rdata
42DD84 81D0 .pdata ExceptionHook | Pointer to 81D0 - 0x75D0 .text + UnwindInfo: .rdata
42DD90 8220 .pdata ExceptionHook | Pointer to 8220 - 0x7620 .text + UnwindInfo: .rdata
42DD9C 8260 .pdata ExceptionHook | Pointer to 8260 - 0x7660 .text + UnwindInfo: .rdata
42DDA8 8330 .pdata ExceptionHook | Pointer to 8330 - 0x7730 .text + UnwindInfo: .rdata
42DDB4 8350 .pdata ExceptionHook | Pointer to 8350 - 0x7750 .text + UnwindInfo: .rdata
42DDC0 83E0 .pdata ExceptionHook | Pointer to 83E0 - 0x77E0 .text + UnwindInfo: .rdata
42DDCC 8410 .pdata ExceptionHook | Pointer to 8410 - 0x7810 .text + UnwindInfo: .rdata
42DDD8 8920 .pdata ExceptionHook | Pointer to 8920 - 0x7D20 .text + UnwindInfo: .rdata
42DDE4 8CA0 .pdata ExceptionHook | Pointer to 8CA0 - 0x80A0 .text + UnwindInfo: .rdata
42DDF0 8F50 .pdata ExceptionHook | Pointer to 8F50 - 0x8350 .text + UnwindInfo: .rdata
42DDFC 8F60 .pdata ExceptionHook | Pointer to 8F60 - 0x8360 .text + UnwindInfo: .rdata
42DE08 9320 .pdata ExceptionHook | Pointer to 9320 - 0x8720 .text + UnwindInfo: .rdata
42DE14 9340 .pdata ExceptionHook | Pointer to 9340 - 0x8740 .text + UnwindInfo: .rdata
42DE20 96A0 .pdata ExceptionHook | Pointer to 96A0 - 0x8AA0 .text + UnwindInfo: .rdata
42DE2C 99C0 .pdata ExceptionHook | Pointer to 99C0 - 0x8DC0 .text + UnwindInfo: .rdata
42DE38 9D00 .pdata ExceptionHook | Pointer to 9D00 - 0x9100 .text + UnwindInfo: .rdata
42DE44 A110 .pdata ExceptionHook | Pointer to A110 - 0x9510 .text + UnwindInfo: .rdata
42DE50 A2D0 .pdata ExceptionHook | Pointer to A2D0 - 0x96D0 .text + UnwindInfo: .rdata
42DE5C A4A0 .pdata ExceptionHook | Pointer to A4A0 - 0x98A0 .text + UnwindInfo: .rdata
42DE68 A510 .pdata ExceptionHook | Pointer to A510 - 0x9910 .text + UnwindInfo: .rdata
42DE74 A540 .pdata ExceptionHook | Pointer to A540 - 0x9940 .text + UnwindInfo: .rdata
42DE80 A6D0 .pdata ExceptionHook | Pointer to A6D0 - 0x9AD0 .text + UnwindInfo: .rdata
42DE8C A6EF .pdata ExceptionHook | Pointer to A6EF - 0x9AEF .text + UnwindInfo: .rdata
42DE98 A736 .pdata ExceptionHook | Pointer to A736 - 0x9B36 .text + UnwindInfo: .rdata
42DEA4 A750 .pdata ExceptionHook | Pointer to A750 - 0x9B50 .text + UnwindInfo: .rdata

Extra Analysis
Metric Value Percentage
Ascii Code 2986635 61,6104%
Null Byte Code 676111 13,9473%